AMENDMENT TO THE CLAIMS 



1-36 (canceled) 



1 37. (currently amended): A method for providing a capability to securely update 

2 information stored in a plurality of computer systems, wherein the method 

3 comprises: 

4 forming a protected partition within a hard drive of each of the computer 

5 systems 

6 storing, within nonvolatile storage of each computer system in the plurality 

7 of computer systems, a setup password, an operating system, and an 

8 initialization routine to execute within a processor of the computer system after 

9 power on of the computer system, wherein the initialization routine includes 

10 instructions causing the protected partition to be locked before the operating 

1 1 system is loaded, and wherein instructions causing information stored within the 

12 a predetermined location to be written within the protected partition after 

13 predetermined security procedures using the setup password have occurred but 

14 before the protected partition is locked; 

15 establishing a network connecting each computer system in the plurality of 

16 computer systems with a server system; 

1 7 generating a-fiJe an update partition fije within the server system; 

18 transmitting the a fib update partition fije over the network to each 

1 9 computer system in the plurality of computer systems; and 

20 storing the a-fite update partition file within the predetermined location of 

21 each computer system in the plurality of computer systems. 

1 38. (currently amended): The method of claim 37, wherein the initialization 

2 routine includes instructions causing the processor of the computer system to 

3 perform a method including: 

4 comparing information stored in the update protected partition with 
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5 information from the a f i l e update partition file stored within the predetermined 

6 location; 

7 when a matching portion of the information stored in the protected 

8 partition is found match a portion of the information stored within the fWe update 

9 partition file, overwriting the matching portion of the information stored in the 

10 protected partition with the portion of the information stored in the file update 

1 1 partition file if space around the match i ng portion of the information stored in the 

12 protected partition is sufficient; 

1 3 when a portion of the information stored in the protected partition is not 

14 found to match a portion of the information stored within the file update partition 

1 5 file, writing the portion of the information stored within the file update partition file 

16 to append to the information stored in the protected partition if space within the 

1 7 protected partition is sufficient; and 

18 locking the protected partition to prevent further modification of 

19 information stored within the protected partition. 

1 39. (currently amended): The method of claim 38, wherein 

2 a flag bit is set in non-volatile storage within the computing system when 

3 the file update partition file is stored at a predetermined location in non-volatile 

4 storage within the compufing system, and 

5 determining whether the file update partifion file is stored within the 

6 computing system for updating the protected partition is performed by 

7 determining whether the flag bit is set. 

1 40. (currently amended): The method of claim 38, wherein 

2 the method additionally comprises, after determining that the file update 

3 partition file is stored within the computing system for updafing the protected 

4 partifion, verifying whether the update partition file has been generated by the 

5 server system, and 
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6 the portion of the file update partition fite is written to the protected 

7 partition only following verification that the update partition file has been 

8 generated by the server system. 

1 41 . (currently amended): The method of claim 40, wherein verification that the 

2 file update partition fije has been generated by the server system includes: 

3 forming a first message digest by applying a hash algorithm to a portion 

4 of the file update partition fiJe ; 

5 forming a second message digest by decrypting a digital signature within 

6 the file update partition fite using a public key of the server system; and; 

7 determining that the first and second message digests are identical. 

1 42. (currently amended): The method of claim 40, wherein 

2 the predetermined setup procedures include verifying that the fUe update 

3 partition file has been generated by the server system includes signing an 

4 encrypted portion of the update partition file with a public key of the trusted 

5 server system, and 

6 the encrypted portion of the fite update partition fije has been prepared by 

7 signing, with a private key of the server system, a result of the application of an 

8 algorithm to data including a version of the setup password 

9 accessed by the server system. 

1 43. (currently amended): The method of claim 42, wherein 

2 the data includes the version of the setup password appended to a 

3 portion of the fite update partition file , 

4 said algorithm is a hash algorithm generating a message digest, and 

5 verifying that the update partition file has been generated by the server 

6 system includes applying the hash algorithm to the setup 

7 password stored within the computing system appended to a portion of the 

8 Update partition file to generate a first version of a message digest and 
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comparing the first version of the message digest with a second version of the 
message digest obtained by signing the encrypted portion of the update 
partition file. 



1 44. (currently amended): The method of claim 38, wherein 

2 the file update partition fije includes a plurality of entries and a plurality of 

3 encrypted elements, 

4 each entry within the plurality of entries includes information to be stored 

5 at a different location within the protected file partition, 

"6 each encrypted element within the plurality of encrypted elements is 

7 associated with an entry in the plurality of entries[[.]L 

8 the method additionally comprises, following determining that the file 

9 update partition fije is stored within the computing system for updating the 

10 protected partition, verifying whether each entry in the plurality of entries within 

11 the file update partition fije has been generated by the server system, and 

1 2 each entry in the plurality of entries within the file update partition file is 

13 written to the protected partifion only following verification that the entry has 

14 been generated by the server system. 

1 45. (previously presented): The method of claim 44, wherein verifying that the 

2 entry has been generated by the server system includes: 

3 forming a first message digest by applying a hash algorithm to the entry; 

4 forming a second message digest by signing the encrypted element 

5 associated with the entry using a public key of the server system; and; 

6 determining that the first and second message digests are idenfical. 

1 46. (currently amended): The method of claim 44, wherein verifying that the 

2 entry has been generated by the server system includes signing the encrypted 

3 element associated with the entry with a public key of the server system, and 

4 the encrypted element of the file update partition file has been prepared by 
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5 signing, with the private key of the server system, a result of the application of 

6 an algorithm to data including a version of the setup password accessed by the 

7 server system. 

1 47. (previously presented): The method of claim 46, wherein 

2 the data includes the version of the setup password appended to a the 

3 entry, 

4 the algorithm is a hash algorithm generating a message digest, and 

5 verifying that the entry has been generated by the server system includes 

6 applying the hash algorithm to the setup password stored within the computing 

7 system appended the entry to generate a first version of a message digest and 

8 comparing the first version of the message digest with 

9 a second version of the message digest obtained by signing the encrypted 
10 element. 

1 48. (currently amended): The method of claim 44, wherein 

2 information stored in the file updat e protected partition is compared to 

3 each entry in the plurality of entries within the update partition file, 

4 when a portion of the information stored in the protected partition is found 

5 to match the entry, the portion of the information stored in the protected partition 

6 is overwritten with the entry if space around the matching portion of the 

7 information stored in the protected partition is sufficient, and 

8 when a portion of the information stored in the protected partition is not 

9 found to match the entry, the entry is appended to the information stored in the 
10 protected partition if space within the protected partition is sufficient. 

1 49. (previously presented): The method of claim 38, wherein 

2 the method additionally comprises receiving an input signal from a 
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3 keyboard of the computing system and comparing the input signal with a signal 

4 corresponding to a setup password stored in non-volatile storage within the 

5 computing system, and 

6 the protected partition is left unlocked if the input signal matches the 

7 signal corresponding to the setup password. 

1 50. (currently amended): An interconnected system for providing updated 

2 information in a secure manner, wherein the interconnected system comprises: 

3 a network; 

4 a server system connected to the network and programmed to generate 

5 an update partition file and to transmit the update partition file over the network; 

6 and 

7 a computer system connected to the network, wherein the computer 

8 system includes a processor, non-volatile data storage including a hard drive 

9 having a protected partition, wherein the processor is programmed to receive the 

10 update partition file from the network and to store the update partition i nformation 

11 file in a predetermined location within the nonvolatile data storage outside the 

12 protected partition, and wherein the nonvolatile data storage stores an operating 

13 system and an initialization routine, executing within the processor after power on 

14 of the computer system, including instrucfions causing the protected partition to 

15 be locked before the operating system is loaded, and instructions causing 

16 information stored within the predetemiined location to be written within the 

17 protected partition after predetermined security procedures have occurred but 

18 before the protected partition is locked. 

1 51. (currently amended): The m e thod interconnected system of claim 50, 

2 wherein the initialization routine includes instructions causing the processor of 

3 the computer system to perform a method including: 

4 comparing information stored in the update protected partition with 

5 information from the a-4ite update partition file stored within the predetermined 
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6 location; 

7 when a matching portion of the information stored in the protected 

8 partition Is found match a portion of the information stored within the update 

9 partition file, ovenA/riting the matching portion of the information stored in the 

1 0 protected partition with the portion of the information stored in the protected 

1 1 partition if space around the matching portion of the information stored in the 

12 protected partition is sufficient: 

13 when a portion of the information stored in the protected partition Is not 

14 found to match a portion of the information stored within the update partition file, 

1 5 writing the portion of the Information stored within the update partition file to 

16 append to the Information stored in the protected partition if space within the 

17 protected partition is sufficient; and 

1 8 lodging the protected partition to prevent further modification of 

19 information stored within the protected partition. 

1 52. (currently amended): The m e thod interconnected system of claim 51 , 

2 wherein 

3 a flag bit is set in non-volatile storage within the computing system when 

4 the file update partition file is stored at a predetermined location in non-volatile 

5 storage within the computing system, and 

6 determining whether the file update partition file is stored within the 

7 computing system for updating the protected partition is performed by 

8 determining whether the flag bit is set. 

1 53. (currently amended): The m e thod interconnected system of claim 51 , 

2 wherein 

3 the method additionally comprises, after determining that the update 

4 partition file Is stored within the computing system for updating the protected 

5 partition, verifying whether the update partition file has been generated by a 

6 trusted server system, and 
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7 the portion of the update partition file is written to the protected partition 

8 only following verification that the update partition file has been generated by 

9 the server system. 

1 54. (currently amended): The m e thod interconnected svstem of claim 53, 

2 wherein verification that the update partition file has been generated by the 

3 server system includes: 

4 forming a first message digest by applying a hash algorithm to a portion 

5 of the update partition file; 

6 forming a second message digest by decrypting a digital signature within 

7 the update partition file using a public key of the server system; and; 

8 detennining that the first and second message digests are identical. 

1 55. (currently amended): The m e thod interconnected svstem of claim 53, 

2 wherein 

3 the predetermined setup procedures include verifying that the update 

4 partition file has been generated by the server system includes signing an 

5 encrypted portion of the update partition file with a public key of the trusted 

6 server system, and 

7 the encrypted portion of the update partition file has been prepared by 

8 signing, with a private key of the server system, a result of the application of an 

9 algorithm to data including a version of the a setup password accessed by the 
10 server system. 

1 56. (currently amended): The m e thod interconnected svstem of claim 55, 

2 wherein 

3 the data includes the version of the setup password appended to a 

4 portion of the update partition file, 

5 the algorithm is a hash algorithm generating a message digest, and 
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6 verifying that the update partition file has been generated by the server. 

7 system includes applying the hash algorithm to the setup 

8 password stored within the computing system appended to a portion of the 

9 update partition file to generate a first version of a message digest and 

1 0 comparing the first version of the message digest with a second version of the 

1 1 message digest obtained by signing the encrypted portion of the update 

12 partition file. 

1 57. (currently amended): The m e thod interconnected svstem of claim 51 , 

2 wherein 

3 the file update partition file includes a plurality of entries and a plurality of 

4 encrypted elements, 

5 each entry within the plurality of entries includes information to be stored 

6 at a different location within the protected file partition, 

7 each encrypted element within the plurality of encrypted elements is 

8 associated with an entry in the plurality of entries. 

9 the method additionally comprises, following determining that the fite 

10 update partition file is stored within the computing system for updating the 

1 1 protected partition, verifying whether each entry in the plurality of entries within 

12 the file update partition file has been generated by the server system, and 

1 3 each entry in the plurality of entries within the file update partition file is 

14 written to the protected partition only following verification that the entry has 

1 5 been generated by the server system. 

1 58. (currently amended): The method interconnected svstem of claim 57. 

2 wherein verifying that the entry has been generated by the server system 

3 includes: 

4 forming a first message digest by applying a hash algorithm to the entry; 

5 forming a second message digest by signing the encrypted element 

6 associated with the entry using a public key of the server system; and; 
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7 determining that tlie first and second message digests are identical. 

1 59. (currently amended): The method interconnected system of claim 57, 

2 wherein verifying that the entry has been generated by the server system 

3 includes signing the encrypted element associated with the entry with a public 

4 key of the server system, and the encrypted element of the file update partition 

5 file has been prepared by signing, with the private key of the server system, a 

6 result of the application of an algorithm to data including a version of the a setup 

7 password accessed by the server system. 

1 60. (currently amended): The m e thod interconnected system of claim 59, 

2 wherein 

3 the data includes the version of the setup password appended to a the 

4 entry, 

5 said algorithm is a hash algorithm generating a message digest, and 

6 verifying that the entry has been generated by the server system includes 

7 applying the hash algorithm to the setup password stored within the computing 

8 system appended the entry to generate a first version of a message digest and 

9 comparing the first version of the message digest with a second version of the 
10 message digest obtained by signing the encrypted element. 

1 61 . (currently amended): The m e thod interconnected system of claim 57, 

2 wherein 

3 information stored in the f ile updato protected partition is compared to 

4 each entry in the plurality of entries within the update partition file, 

5 when a portion of the infomiation stored in the protected partition is found 

6 to match the entry, the portion of the information stored in the protected partition 

7 is ovenwritten with the entry if space around the match i ng portion of the 

8 information stored in the protected partition is sufficient, and 
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9 when a portion of the information stored in the protected partition is not 

10 found to match the entry, the entry is appended to the information stored in the 

1 1 protected partition if space within the protected partition is sufficient. 

1 62. (currently amended): The method interconnected system of claim 51 , 

2 wherein 

3 the method additionally comprises receiving an input signal from a 

4 keyboard of the computing system and comparing the input signal with a signal 

5 corresponding to a setup password stored in non-volatile storage within the 

6 computing system, and 

7 the protected partition is left unlocked if the input signal matches the 

8 signal corresponding to the setup password. 
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